Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

is this a Malware? from what

al404

al404

macrumors 6502a
Original poster
Apr 24, 2011
541
35
Novara, Italy
Since few days when I browse the web via Safari from iMac and MacBook both running latest system update it happens that On some pages clicking ( not sure where ) it opens this link

I did run an antivirus / malware on MacBook without any response
I'm pretty safe on what I install on my Mac, only well known software and most of them from App Store
Not where it can come from
The strange thing is that I encountered on 2 different website at the moment

I also run the MacOS firewall and little snitch


http://your-mac-security-analysis.n...111AjOavi5gqLSFSu7AgRAQ8W6znEpmHDlX7uuD4fWg#b
 
your mac hasn't been infected with malware.
somewhere during your web browsing, you landed on a page that redirects you to the page of the link you provided.
that redirected page sells antivirus software.
 
You’ve probably been on a ‘dodgy’ site via a link somewhere (torrent/file sharing sites are full of these), and clicking one of their links has brought that up.

It’s ‘malvertising’ trying to make you believe you’re infected, so that they can seek you some overpriced copy of software (or software that actually does install malware).

You can add a rule to LittleSnitch to block that host name/domain from connecting in future.
 
tyc0746 said:
You’ve probably been on a ‘dodgy’ site via a link somewhere (torrent/file sharing sites are full of these), and clicking one of their links has brought that up.

It’s ‘malvertising’ trying to make you believe you’re infected, so that they can seek you some overpriced copy of software (or software that actually does install malware).

You can add a rule to LittleSnitch to block that host name/domain from connecting in future.
Click to expand...

it seems to me that it happens on a slideshow of a website I guess similar to craigslist
they embed Ads and seem inside the Ad, Ad image is not from from scam website

Is seem like it got into the Ads provider
 
  • Use Malwarebytes, it’s the most reliable tool in terms of protection. Recommended by quite a few Apple Stores I’ve been to and my current Employer, an AASP.
  • Check your Browser for any sketchy extensions
  • Make sure you're not using any weird search engines.
  • Get an Ad Blocker. I recommend AdGuard. They do have a free Extension for each Browser
 
Last edited:
I did use MalwareBytes and did not find anything but today it happened again on an eBay page, did not clicked anything and got redirect to some crap like "update flash player"

I have only have 2 extensions that are installed on my Mac and on my Mac and my macbook: mate translate and enpass
I unistalled mate translate

EDIT: both are installed from Mac App Store
 
Just happened again after removing mate translate and today update to safari 13

I did check the source code comparing what is generated in safari with the same page in firefox and I can't really find a difference next time I try with a different browser

but I noticed that the website was using cloudflare, hotter, iubenda and Facebook embed
 
Just happened again, it does happen just once in a while

the website I was visiting
camelcamelcamel.com

Amazon price tracker, Amazon price history charts, price watches, and price drop alerts.

camelcamelcamel: Amazon price tracker, Amazon price history charts, price watches, and price drop alerts.
camelcamelcamel.com camelcamelcamel.com

some riderect link that I can catch from history, I got more than 1 link because I try to do a back with browser button and because it happened twice on camel camel

Code: 
https://offers.cloackp.com/?utm_term=6741629123086516562&clickverify=1&utm_content=e7cacbe0c0dbc9c1a2a391939e97a4928f89b888becabcc8b2b381838e87b483bcb888a4bfbdbc8db68380b086878485a89bd9e9eef3f9bdd1fcfde1e3e3f1e7c6cba1878dc1ecdfd6e3d2d5e6e7e491888e9df9fecefcccc0cbc0f1cec7c4f5cacb93

http://www.onclickbright.com/jump/next.php?r=2564663&sub1=fa2eaaa248318a52d87709844fc52e82

http://the.bestoffersonline.stream/?utm_term=6741629088760332384&clickverify=1&utm_content=e7cacbe0c0dbc9c1a2a391939e97a4928f89b888becabcc8b2b381838e87b483bcb888a4bfbdbc8db3b08081b78784859aa998d8eeeff0f8b2d0fffce6e2e0f098c7c8a0808cc2edd0d7e0d3d2e7e4e58e898d9cfeffcdfdc3c1c8c1f6cfc4c5cacbc8b1

http://your-mac-security-analysis.net.nqzydlwujf.jpq3e79tkdkadewzduklbx9tuzemffw.xyz/fx/it/index.php?browser=Safari&fred=1&app=Mac%20Speedup%20Pro&hul=rs.eujmj3g.space&cep=WcrU0Oz8lejkuuyYXVEKlHGAtCZUhJMxDxNe1-ShATfKshdqWr-2y908CiSqEj4x_B0NJUK3XzXjQbeCnjPUMF3mvW7e8CRJ0fqe395_xtYv1Pu3wun5AMPmoUK-BCMCg9UFr1-vu_NPtUHZj9QX4qpoF2ALiL2dW8evI4rcA-z1dxqHZyvKhp-JD36QVin2ZgJ6F11dQ6HsZnjC1VH9z4Ry47_-FLZRvHLkZanARDST808nTzD-ulGHXBCwQGzs02LR7f3rz4jpiZplGA2sacpvOU4T-oIWynXHw6jQJKo72bWBWzwvW1dzhauIOpSemYMwGAo9yVf7yRxG9yk8ze5Sf3bxXnz9MOWGQKeUgT8IpqZ_BG2Yn59-dob9LNZJn4t-us70y7h5huSEl3TqMvCoDNaYVkeNbirUrPMT-Lf1qiIG1a5MI4ZFK3cN2I1vI9ksilGrBcd--PTiE4KmZ9Xn024ffZ0jCKsuO7sLetfnC5aFzMVZVUJ2nwjHFPtBE8lTs5PGZK-X-wvejbIoLIxVmBKi6RZLK-4wkfUfPW4yrsZeDcdVy31bMn6JXgylRwaRM8_0kuyuEJNkOLRfbA&_=BAYAXY8T5gFdjxPmgAGBAcAAIPvFWVFKIhd-xpB1lduPG_TkXVYqRAisUVAzZnlY5JMHwQAgtUE_M4prtFHd9JC5CiW4G3nqarPR9kIGyPoM6H9wnNE#b
 
Try to avoid the back button when you get a re-direct window like that.
("back" will often re-send the same link, which leaves you in the same link - or some other random link, which is probably why you get more than one of those "shopping" adware links)
Just close the window without touching the pop-up, or quit Safari if you can't simply close the browser window.
 
al404 said:
Code: 
offers.cloackp.com
onclickbright.com
the.bestoffersonline.stream
your-mac-security-analysis.net.nqzydlwujf.jpq3e79tkdkadewzduklbx9tuzemffw.xyz
Click to expand...
Block those domains with Little Snitch.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back